Before I get to the meat of this post, we need to revisit a little history. The cyber security firm hired to inspect the DNC hack and determine who was responsible is a firm called Crowdstrike. Its conclusion that Russia was responsible was released last year, but several people began to call its analysis into question upon further inspection.

Jeffrey Carr was one of the most prominent cynics, and as he noted in his December post, FBI/DHS Joint Analysis Report: A Fatally Flawed Effort:

The FBI/DHS Joint Analysis Report (JAR) Grizzly Steppe was released yesterday as part of the White House's response to alleged Russian government interference in the 2016 election process. It adds nothing to the call for evidence that the Russian government was responsible for hacking the DNC, the DCCC, the email accounts of Democratic party officials, or for delivering the content of those hacks to Wikileaks.

It merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.

Unlike Crowdstrike, ESET doesn't assign APT28/Fancy Bear/Sednit to a Russian Intelligence Service or anyone else for a very simple reason. Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone. In other words malware deployed is malware enjoyed!

If ESET could do it, so can others. It is both foolish and baseless to claim, as Crowdstrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.

If the White House had unclassified evidence that tied officials in the Russian government to the DNC attack, they would have presented it by now. The fact that they didn't means either that the evidence doesn't exist or that it is classified.

If it's classified, an independent commission should review it because this entire assignment of blame against the Russian government is looking more and more like a domestic political operation run by the White House that relied heavily on questionable intelligence generated by a for-profit cybersecurity firm with a vested interest in selling attribution-as-a-service.

Nevertheless, countless people, including the entirety of the corporate media, put total faith in the analysis of Crowdstrike despite the fact that the FBI was denied access to perform its own analysis. Which makes me wonder, did the U.S. government do any real analysis of its own on the DNC hack, or did it just copy/paste Crowdstrike?

As The Hill reported in January:

The FBI requested direct access to the Democratic National Committee's (DNC) hacked computer servers but was denied, Director James Comey told lawmakers on Tuesday.

The bureau made multiple requests at different levels, according to Comey, but ultimately struck an agreement with the DNC that a highly respected private company would get access and share what it found with investigators.

"We'd always prefer to have access hands-on ourselves if that's possible," Comey said, noting that he didn't know why the DNC rebuffed the FBI's request.

This is nuts. Are all U.S. government agencies simply listening to what Crowdstrike said in coming to their independent conclusions that Russia hacked the DNC? If so, that's a huge problem. Particularly considering what Voice of America published yesterday in a piece titled, Cyber Firm at Center of Russian Hacking Charges Misread Data:

An influential British think tank and Ukraine's military are disputing a report that the U.S. cybersecurity firm CrowdStrike has used to buttress its claims of Russian hacking in the presidential election.

The CrowdStrike report, released in December, asserted that Russians hacked into a Ukrainian artillery app, resulting in heavy losses of howitzers in Ukraine's war with Russian-backed separatists.

But the International Institute for Strategic Studies (IISS) told VOA that CrowdStrike erroneously used IISS data as proof of the intrusion. IISS disavowed any connection to the CrowdStrike report. Ukraine's Ministry of Defense also has claimed combat losses and hacking never happened.

The challenges to CrowdStrike's credibility are significant because the firm was the first to link last year's hacks of Democratic Party computers to Russian actors, and because CrowdStrike co-founder Dmitri Alperovitch has trumpeted its Ukraine report as more evidence of Russian election tampering.

How is this not the biggest story in America right now?

Yaroslav Sherstyuk, maker of the Ukrainian military app in question, called the company's report delusional in a Facebook post. CrowdStrike never contacted him before or after its report was published, he told VOA.

VOA first contacted IISS in February to verify the alleged artillery losses. Officials there initially were unaware of the CrowdStrike assertions. After investigating, they determined that CrowdStrike misinterpreted their data and hadn't reached out beforehand for comment or clarification.

In a statement to VOA, the institute flatly rejected the assertion of artillery combat losses.

"The CrowdStrike report uses our data, but the inferences and analysis drawn from that data belong solely to the report's authors," the IISS said. "The inference they make that reductions in Ukrainian D-30 artillery holdings between 2013 and 2016 were primarily the result of combat losses is not a conclusion that we have ever suggested ourselves, nor one we believe to be accurate."

In early January, the Ukrainian Ministry of Defense issued a statement saying artillery losses from the ongoing fighting with separatists are several times smaller than the number reported by [CrowdStrike] and are not associated with the specified cause of Russian hacking.

But Ukraine's denial did not get the same attention as CrowdStrike's report. Its release was widely covered by news media reports as further evidence of Russian hacking in the U.S. election.

In interviews, Alperovitch helped foster that impression by connecting the Ukraine and Democratic campaign hacks, which CrowdStrike said involved the same Russian-linked hacking group Fancy Bear and versions of X-Agent malware the group was known to use.

"The fact that they would be tracking and helping the Russian military kill Ukrainian army personnel in eastern Ukraine and also intervening in the U.S. election is quite chilling," Alperovitch said in a December 22 story by The Washington Post.

The same day, Alperovitch told the PBS NewsHour: "And when you think about, well, who would be interested in targeting Ukraine artillerymen in eastern Ukraine? Who has interest in hacking the Democratic Party? [The] Russia government comes to mind, but specifically, [it's the] Russian military that would have operational [control] over forces in the Ukraine and would target these artillerymen."

Alperovitch, a Russian expatriate and senior fellow at the Atlantic Council policy research center in Washington, co-founded CrowdStrike in 2011. The firm has employed two former FBI heavyweights: Shawn Henry, who oversaw global cyber investigations at the agency, and Steven Chabinsky, who was the agency's top cyber lawyer and served on a White House cybersecurity commission. Chabinsky left CrowdStrike last year.

CrowdStrike declined to answer VOA's written questions about the Ukraine report, and Alperovitch canceled a March 15 interview on the topic. In a December statement to VOA's Ukrainian Service, spokeswoman Ilina Dimitrova defended the company's conclusions.

In its report last June attributing the Democratic hacks, CrowdStrike said it was long familiar with the methods used by Fancy Bear and another group with ties to Russian intelligence nicknamed Cozy Bear. Soon after, U.S. cybersecurity firms Fidelis and Mandiant endorsed CrowdStrike's conclusions. The FBI and Homeland Security report reached the same conclusion about the two groups.

If the company's analysis was delusional when it came to Ukraine, why should we have any confidence that its analysis on Russia and the DNC is more sound?

Answer: We shouldn't.